[FFmpeg-cvslog] dfa: Put our pointer check back.
    Michael Niedermayer 
    git at videolan.org
       
    Sat May  4 15:05:15 CEST 2013
    
    
  
ffmpeg | branch: master | Michael Niedermayer <michaelni at gmx.at> | Sat May  4 14:37:22 2013 +0200| [e9e207ece7a22970a94a9094a12ec03250706212] | committer: Michael Niedermayer
dfa: Put our pointer check back.
The reimplementation by Libav does not prevent out of array
writes, even though it looks like it does at a quick glance.
No FFmpeg releases are affected by this
See: d1c95d2ce39560e251fdb14f4af91b04fd7b845c
     3623589edc7b1257bb45aa9e52c9631e133f22b6
     740ebe468c0567cac03ef7e6b4b9fd0253b97da2
Found-by: Mateusz "j00ru" Jurczyk and Gynvael Coldwind
Signed-off-by: Michael Niedermayer <michaelni at gmx.at>
> http://git.videolan.org/gitweb.cgi/ffmpeg.git/?a=commit;h=e9e207ece7a22970a94a9094a12ec03250706212
---
 libavcodec/dfa.c |    3 +++
 1 file changed, 3 insertions(+)
diff --git a/libavcodec/dfa.c b/libavcodec/dfa.c
index 6a095b2..bba7626 100644
--- a/libavcodec/dfa.c
+++ b/libavcodec/dfa.c
@@ -254,6 +254,9 @@ static int decode_wdlt(GetByteContext *gb, uint8_t *frame, int width, int height
             y        += skip_lines;
             segments = bytestream2_get_le16(gb);
         }
+
+        if (frame_end <= frame)
+            return AVERROR_INVALIDDATA;
         if (segments & 0x8000) {
             frame[width - 1] = segments & 0xFF;
             segments = bytestream2_get_le16(gb);
    
    
More information about the ffmpeg-cvslog
mailing list